CVE-2025-60685
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-17
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a720r_firmware | 4.1.5cu.614_b20230630 |
| totolink | a720r | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack buffer overflow in the ToToLink A720R Router firmware version V4.1.5cu.614_B20230630, specifically in the sysconf binary's sub_401EE0 function. The binary reads data from the /proc/stat file into a local buffer using fgets(), then parses it with sscanf() into a single-byte variable using the %s format specifier. If the /proc/stat content is maliciously crafted, it can overwrite adjacent stack memory, leading to a buffer overflow.
How can this vulnerability impact me? :
An attacker with filesystem write privileges can exploit this vulnerability by providing malicious content in the /proc/stat file, causing a stack buffer overflow. This can potentially allow the attacker to execute arbitrary code on the device, which may lead to unauthorized control or compromise of the router.